Hi all- I'm wondering if anyone can share a "best practices" for setting up a dedicated webserver running Apache 2.0 on SUSE Pr0 9.2, like proper partitioning, lockdown, etc. I noticed an older doc referring to (I think) SUSE 6.2 or 7 that's floating around out there, but obviously that's kinda dated... I'm interested in what packages and services should be installed, and which shouldn't (but are by default) for the sake of security... stuff like that. Thanks!
take a look at the CISecurity Linux and Apache benchmarks here: http://www.cisecurity.org/ They are a bit centric, but include a lot of good ideas you can transfer to SuSe. couple other related papers: http://www.giac.org/practical/GCUX/Randal_Warner_GCUX.pdf (RHAS 3, but its close enough to Suse... very much 'step by step' style paper) Alex Hargrove wrote:
Hi all-
I'm wondering if anyone can share a "best practices" for setting up a dedicated webserver running Apache 2.0 on SUSE Pr0 9.2, like proper partitioning, lockdown, etc. I noticed an older doc referring to (I think) SUSE 6.2 or 7 that's floating around out there, but obviously that's kinda dated... I'm interested in what packages and services should be installed, and which shouldn't (but are by default) for the sake of security... stuff like that.
Thanks!
participants (2)
-
Alex Hargrove -
Johannes B. Ullrich